URL Rewrite in httpd.conf - apache

I have a redirect setup on my Apache server within the httpd.conf file that redirects all traffic to "server.mydomain.com" to https://server.mydomain.com/uri. Unfortunately, some users will enter https before the URL and it does not redirect, instead they get Apache error page. I want to know how can I get users who input https before the URL to be redirect to https://server.mydomain.com/uri. I believe I may have to do a rewrite but I'm not sure or know how to go about doing it. I've research about rewrite and found it should be done in the .htaccess file but when I read Apache best practice they state it should not be done within .htaccess file for security and performance. Instead, it should be done within the config file. Since the redirection is working within the httpd.conf file, I would like to incorporate the rewrite there as well. I presume that is the correct according to Apache website. My issue is how do I go about doing this within that file. I've included the file information below. Any assistance is greatly appreciated. The server is using Tomcat 7 with Apache 2.2.15.
httpd.conf file:
</IfModule>
#
ProxyPass /uri/fbs-ws ws://server.mydomain.com:8081/uri/fbs-ws
ProxyPassReverse /uri/fbs-ws ws://server.mydomain.com:8081/uri/fbs-ws
</IfModule>
<VirtualHost *:80>
ProxyPass /uri http://server.mydomain.com:8080/uri
ProxyPassReverse /uri http://server.mydomain.com:8080/uri
Redirect permanent / https://server.mydomain.com/uri
</VirtualHost>

Did you try creating a vhost for 443 and switching to http there via Rewrite?
<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

Related

Redirecting HTTP to HTTPS with Apache RedirectPermanent for sites that use modperl

I have an Apache 2.4 site that serves content that is generated by modperl via HTTPS. The relevant Location section is as follows:
<Location />
SetHandler modperl
PerlResponseHandler MyService
</Location>
I would now like to enable the same content via HTTP as well. The following /etc/apache2/sites-enabled/myservice.conf works to some extend in that it redirects URLs with trailing paths but not the "root" page (say, http://myservice.mycompany.com). I suspect this is (also) because this page is special in that it is backed by modperl.
<VirtualHost *:80>
LogLevel debug
ServerName myservice.mycompany.com
RedirectPermanent / https://myservice.mycompany.com
</VirtualHost>
So how can I use RedirectPermanent for redirecting from HTTP to HTTPS for an entire Apache sites, including those pages that are backed by modperl?
To redirect any path in your site, you probably want to use mod_rewrite. These rules should work:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
(I've removed the perl and mod_perl tags from this question. The rewrite happens long before the server cares about how it's going to serve the content.)

Apache Reverse Proxy not Working with Grafana

I'm pulling my hair out because it must be something simple.
I've setup Grafana to run through a subdomain via proxy which works fine. I'm doing basic authentication as well to login to Grafana, this is my apache config:
<VirtualHost *:80>
ServerAdmin webmaster#example.co
ServerName example.co
ServerAlias www.example.co
DocumentRoot /var/www/example.co/public_html/
ErrorLog /var/www/example.co/logs/error.log
CustomLog /var/www/example.co/logs/access.log combined
<Location "/application">
AuthType Basic
AuthName "Graphs Login"
AuthUserFile /var/www/example.co/members/.htpasswd
Require valid-user
ProxyPass http://localhost:3000/
</Location>
ProxyPassReverse /application http://example.co:3000/
</VirtualHost>
And my config in grafana.ini
# The public facing domain name used to access grafana from a browser
domain = example.co
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = %(protocol)s://%(domain)s:%(http_port)s/application/
I've also tried to do this with a 301 redirect:
Redirect 301 /application http://example.co/application/
<Location "/application/">
AuthType Basic
AuthName "Graphs Login"
AuthUserFile /var/www/example.co/members/.htpasswd
Require valid-user
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
The ProxyPass to the domain works fine, however if I use the IP address it doesn't go to the domain, but rather it tries to load it as IP:3000/application which then gives a Grafana error (Blank page with {{alert.title}})
Any idea what I am doing wrong and how I can redirect the IP:3000 to DOMAIN:3000 such as the ProxyPass is doing with Reverse Proxy?
I'm using Ubuntu 12.04
I've done all sorts of things such as adding trailing slashes, removing them from both apache and from grafana configs, i've been using incognito everytime to ensure there is no caching and I just can't get it to work in Reverse Proxy where I'm trying to redirect the IP to the domain that I've set in Grafana and ProxyPass.
Please help!
I am not 100% sure if this may be the issue. However let's give it a try: Try removing the slashes after the ProxyPass directives:
ProxyPass /application http://localhost:3000
ProxyPassReverse /application http://localhost:3000
Grafana seems to be very picky with regard to those slashes. I had several issues with those little buggers :) I will explain the details further below. A very simple working setup (without specific authentication though) looks like this:
Apache
<VirtualHost *:443>
ServerName example.co
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# grafana
ProxyPass /grafana http://thorin:3000
ProxyPassReverse /grafana http://thorin:3000
</VirtualHost>
Grafana
domain = example.co
root_url = %(protocol)s://%(domain)s/grafana
Explanation: Slashes
Next I explain the reason for the unexpected behavior as far as I understood it. For completeness sake I am also adding an issue I had with certain rewrite rules in addition to the proxy setup.
Proxy
So what happens if you keep the slashes?
# WRONG!
ProxyPass /application http://localhost:3000/
ProxyPassReverse /application http://localhost:3000/
In this case, the response you get from Grafana is a ugly page showing {{alert.title} and a bunch of other unformated HTML. The reason for this is that Grafana can not load certain resources:
http://example.co/application/public/build/grafana.dark.css?v5.2.4
http://example.co/application/public/build/vendor.4f5454f867a0cc2fe8dd.js
However, you proxy settings work correctly, right? Well, partially. They have that tiny slash / resulting in the following lookups on your Grafana installation:
http://localhost:3000//public/build/grafana.dark.css?v5.2.4
http://localhost:3000//application/public/build/vendor.4f5454f867a0cc2fe8dd.js
Notice the extra slash / after http://localhost:3000. Try calling those URLs. They do not work. This is Grafana being very picky about URLs :) Thus, removing the extra slashes from your Apache config will do the trick.
At least that is what I came up with so far:)
Rewrite
No, rewrite rules. In our setup we have Jekyll setup in another subpath, say http://example.co/jekyll where we use relative URLs to access resources. This requires a slash at the end of each URL. We solved this by adding following rewrite rule in Apache (there may be better solutions for this; if you have suggestions please let me know):
# add trailing slashes to support relative URLs
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !(.*)\.[a-zA-Z0-9]+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [R=301,L]
This resulted in some funny effects on Grafana:
we could not log in
the admin/admin account worked however it got stuck at changing the default password
all data sources were gone
Turns out that Grafana did not like the redirects and slash policy we introduced here. The solution was to only enable this rewrite rule for applications that needed it:
# add trailing slashes to support relative URLs
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !(.*)\.[a-zA-Z0-9]+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteCond %{REQUEST_URI} ^jekyll.*$
RewriteRule ^(.*)$ $1/ [R=301,L]
Let me know if this helps :)

Apache - Proxy external files to download

Consider this:
we have an external server for files that can be downloaded
our website (plone based) is the interface for downloading them and we try to hide the direct links as much as possible
jquery.fileDownload plugin needs a cookie set on file on download
I'm trying to set our Apache configuration to replace links like this:
original: data-files-example.com/folder/subfolder/file.zip
replaced: our-website-example.com/_downloads/folder/subfolder/file.zip
So, the missing part in my case is: how to set Apache to work like this?
I'm trying:
NameVirtualHost *:80
<VirtualHost :80>
ServerAdmin email#our-website-example.com
ServerName our-website-example.com
RewriteEngine On
RewriteRule "^/_downloads(.)$" "https://data-files-example.com/$1" [P]
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|PROPFIND|OPTIONS|TRACE|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK)$
RewriteRule .* - [F,L]
RewriteRule ^/(.*) http://127.0.0.1:/VirtualHostBase/http/data-files-example.com:80/my_plone_website/VirtualHostRoot/$1 [L,P]
</VirtualHost>
I receive 503 Service Unavailable.
How to fix this?
Try a reverse proxy. Just make sure that mod_proxy and mod_proxy_http are enabled in your Apache configuration and that your proxy rule is set before the VirtualHostBase rule for Plone, if the pattern is the root slash.
ProxyPass /_downloads http://data-files-example.com
ProxyPassReverse /_downloads http://data-files-example.com
When proxying to a https backend you'll also need mod_ssl installed and the directive SSLProxyEngine On.
SSLProxyEngine On
ProxyPass /_downloads https://data-files-example.com
ProxyPassReverse /_downloads https://data-files-example.com
Following code at least rewrites your given original- to your desired target-URL:
<VirtualHost>
SSLProxyEngine On
RewriteEngine On
RewriteCond %{HTTP_HOST} ^our-website-example.com$
RewriteRule "^/_downloads(.*)$" "https://data-files-example.com/$1" [P,L]
</VirtualHost>
This requires the modules mod_ssl, mod_proxy and mod_rewrite to be activated.
Let us know if it was your sought solution and if not, where it went wrong :)

How to redirect directory to another domain with Apache?

I have an Apache server with two domains (via VirtualHost) on it.
The file setup is like this: /example1/example2/
example1 is the root for www.example1.com
example2 is the root for www.example2.com
I would like for www.example1.com/example2/<whatever else> to redirect to www.example2.com/<whatever else>
I have access to the main Apache configuration file. Any tips on how to do this? I'm not very familiar with configuring Apache, so any explanations would be very much appreciated.
The other questions related to this one lacked explanations, so I felt I had to post my own question.
You can use an .htaccess file to do this pretty quickly. In www.example1.com/example2/, you would create this .htaccess file.
<VirtualHost *:80>
...
<Directory /path/to/vhost/>
RewriteEngine on
RewriteBase /example2/
RewriteRule ^(.*)$ http://www.example2.com/$1 [R=301]
</Directory>
</VirtualHost>
This does assume that you want the redirect to be a 301, and that the example2 folder has AllowOverride All set.
This rule works using regex to capture the incoming URL, sans the example2 bit, then appending it to the rewritten URL. The R in the square brackets tells Apache to use a Location header to the rewritten URL. The =301 tells Apache to use a 301 Permanent Redirect header.
If tou have mod_alias active, you can use the Redirect directive:
<VirtualHost *:80>
ServerName example1.com
Redirect 301 /example2 http://www.example2.com
</VirtualHost>

Apache multiple URL to one domain redirect

For the last two day, I've been spending a lot of time to solve my problem, maybe someone can help me.
Problem: I need to redirect different url's to one tomcat webbase-dir used for artifactory.
following urls should point to the tomcat/artifactory webapp:
maven-repo.example.local ; maven-repo.example.local/artifactory ; srv-example/artifactory
Where maven-repo.example.local is the dns for the server-hostname: "srv-example"
I'm accessing the tomcat app through the JK_mod module. The webapp is in the ROOT directory
This is what I've got so far:
<VirtualHost *:80>
#If URL contains "artifactory" strip down and redirect
RewriteEngine on
RewriteCond %{HTTP_HOST} ^\artifactory\$ [NC]
# (how can I remove 'artifactory' from the redirected parameters? )
RewriteRule ^(.*)$ http://maven-repo.example.local/$1 [R=301,L]
ServerName localhost
ErrorLog "logs/redirect-error_log"
</VirtualHost>
<VirtualHost *:80>
ServerName maven-repo.example.local
ErrorLog "logs/maven-repo.example.local-error.log"
CustomLog "logs/maven-repo.example.local-access.log" common
#calling tomcat webapp in ROOT
JkMount /* ajp13w
</VirtualHost>
The webapp is working with "maven-repo.example.local", but with "maven-repo.example.local/artifactory" tomcat gives a 404 - "The requested resource () is not available."
It seems that the mod_rewrite doesn't have taken any effect, even if I redirect to another page, e.g google.com
I'm testing on windows 7 with maven-repo.example.local added in the "system32/drivers/hosts" file
Thanks in advance!
Thanks a lot for your hint #PHP-Prabhu
a simple:
RedirectPermanent /artifactory /.
in the apache httpd.conf did the trick!
First, all Redirects are processed before Aliases are processed, and therefore a request that matches a Redirect or RedirectMatch will never have Aliases applied. Second, the Aliases and Redirects are processed in the order they appear in the configuration files, with the first match taking precedence
Please see this URL
http://httpd.apache.org/docs/2.1/mod/mod_alias.html